This is what I do, but with Unbound dns on opnsense with dns forwarding to my business cloudflare account which gives me additional filtering options.
Allows me to properly do dns caching and filtering in Unbound and then leverage cloudflare to do additional security threat filtering on top.
Then it's just a matter of setting up a firewall rule to redirect any port 53 to the local Unbound dns and blocking all 853 traffic to ensure all iot devices aren't using their own hard-coded dns.
What they don't advertise is how many of those "new" subscribers are actually from their "emerging" markets such as India, where a subscription price is peanuts. Also, im fairly certain these numbers are intentionally skewed to paint a better picture as they lump in all the "free" accounts people get with their other subscriptions.
I get Paramount+ free with Walmart+. I get Hulu/Netflix/AppleTV with Tmobile Mobile. I get Max with ATT Fiber.
I'm sure that these streaming companies have more new subscribers when they literally give it away and simultaneously strangling their existing consumers. It's more of a question of how long is it sustainable for them to raise prices every time they're not going to have a record quarter.